PCI V3 - are you confidant that you are now compliant? And what do you do next? We look at how you should ensure you are implementing the requirements of PCI v3 correctly to ensure that you do not fall short of compliance, and where that might happen. Register to find out more!

SC Magazine's SC Congress returned to London on 3 March, 2015 with an all new programme! Hundreds of industry insiders attended the full day of hard-hitting information security news and solutions from leaders in their fields.
Check back soon for information on the next SC Congress.

When should you ban personal mobile use? Is Choose your own device appropriate, or can you safely harness the cost savings of Bring Your Own Device? Register today for this free editorial webcast to find out more as disucss..

RATING BREAKDOWN

QUICK READ

Strengths: Easy install and a logical dashboard, great all-around support

Weaknesses: First use of the product can be a bit confusing

Verdict: This product is great for security analysis of a database, and the cost is at the very low end of products tested

AppDetective primarily looks for security holes inside a number of popular database servers. The user interface then makes it easy to determine which steps of the scan should be performed next. The application also includes a penetration test feature, which truly performs a vulnerability assessment of the database.

We did have some initial trouble figuring out the correct menu to configure the network interface for the product to use. From there, the program performs a network discovery that identifies SQL, Oracle and web servers. This program is different in that rather than detecting web application vulnerabilities, it looks for vulnerabilities in the back-end database.

The solution also includes a fix-script feature that allows for faster remediation of vulnerabilities. AppDetective is part of a suite of products that also includes DB Protect, which provides activity monitoring, patch management and database encryption. These offerings work to protect the database after the scan in real time.

The installation of AppDetective also put in some necessary additional components, including XML and a kind of SQL database. The application can also use Access for storing the results, so you don't necessarily have to install SQL. The program installation was straightforward and only needed next to be clicked a few times.

Documentation is included electronically in the form of PDF files. The information is easy to follow, with a logical layout. The documentation is probably necessary for most administrators. The documents we looked at were indexed and searchable, which made finding the information we wanted a lot easier and quicker.

Phone assistance is available, and the list price for AppDetective includes standard support between 9am and 9pm. Additional support is available for a fee.

Support is also available through the vendor's website, and access to the portal is password-protected. Email support is also on offer, and we received a very fast response when we tested this.

The pricing for the AppDetective offering was at the low end of the price spectrum with, pricing beginning at just £450. Since support and maintenance is included in this price, we think it represents excellent value for money.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.